Dear Alibaba Cloud users,
From July 27, 2022, Alibaba Cloud starts to roll out updates based on Bastionhost V3.2.28. New features are provided in Bastionhost V3.2.28. The features include database O&M and audit and the O&M portal. Bastionhost V3.2.28 also allows local users to implement two-factor authentication by using one-time password (OTP) tokens that are generated on the mobile phones of the users.
New features
Bastionhost V3.2.28 introduces the following new features:
Database O&M and audit are supported. You can perform O&M and audit operations on ApsaraDB RDS for MySQL instances, ApsaraDB RDS for SQL Server instances, ApsaraDB RDS for PostgreSQL instances, and self-managed databases.
The O&M portal is released. If you use Bastionhost Enterprise Edition, you can log on to the O&M portal to maintain assets on which you have permissions on a web page. You can also use an OTP token to log on to the O&M portal as local user.
OTP tokens are provided for local users to implement two-factor authentication. Local users can scan the quick response (QR) code that is displayed in the O&M portal to implement two-factor authentication.
Custom ports are supported for hosts. If you import multiple hosts by using an Excel file, you can specify custom ports for the hosts.
For more information about the new features, see Release notes.
Update methods
You can update your bastion host in custom or automatic mode. During the available update period for the region of your bastion host, you can specify a custom period to update your bastion host or wait until your bastion host is automatically updated.
Custom mode
You can specify a custom period during which you want to update your bastion host. The period must be within the available update period for the region of your bastion host. For more information, see Available update periods and Update a bastion host.
Automatic upgrade
Your bastion host is automatically updated when a default period starts. For more information about the default periods for different regions, see Available update periods. If you do not specify a custom period for an update, your bastion host is automatically updated during a default period.
If you choose the automatic mode, your bastion host is updated during a default period. Bastionhost randomly determines the default period based on the available update period for the region of your bastion host.
If you want to update your bastion host during a custom period, we recommend that you specify the custom period at the beginning of the available update period for the region of your bastion host. If you do not specify the custom period at the beginning of the available update period, your bastion host may be automatically updated when a default period starts.
The default period may overlap with the peak hours of your business. This may affect your business. To prevent business interruptions, we recommend that you specify a custom period during which the impact of an update is minimized.
Impact
If your bastion host is being updated, it is in the Updating Configuration state, and your business may be interrupted for a few seconds. We recommend that you specify a custom period to update your bastion host during the off-peak hours of your business.
If you turn off the switch of the public network for a bastion host, the host O&M feature becomes unavailable. Before you turn off the switch, we recommend that you evaluate whether you must perform O&M operations on a host over a private network.
Bastionhost disables some unused ports. This ensures the security of your service ports. We recommend that you perform O&M operations over the ports that are configured in the console of your bastion host.
The audit port of Bastionhost is changed from port 443 to port 9443. If Cloud Firewall is used in your service, you must create an inbound access control policy to allow access from specific IP addresses over port 9443. The IP addresses are resolved from the O&M addresses of your bastion host.
Available update periods
The available update periods vary based on the region of your bastion host. The following table lists available update periods for specific regions.
Available update period | Region | Region ID |
June 27, 2022 to July 29, 2022 August 01, 2022 to August 05, 2022 August 08, 2022 to August 09, 2022 | China (Shanghai) | cn-shanghai |
China (Hohhot) | cn-huhehaote | |
Singapore | ap-southeast-1 | |
Australia (Sydney) | ap-southeast-2 | |
Malaysia (Kuala Lumpur) | ap-southeast-3 | |
Indonesia (Jakarta) | ap-southeast-5 | |
Japan (Tokyo) | ap-northeast-1 | |
August 03, 2022 to August 05, 2022 August 08, 2022 to August 12, 2022 August 15, 2022 to August 16, 2022 | China (Shenzhen) | cn-shenzhen |
China (Chengdu) | cn-chengdu | |
China (Qingdao) | cn-qingdao | |
China (Zhangjiakou) | cn-zhangjiakou | |
India (Mumbai) | ap-south-1 | |
UAE (Dubai) | me-east-1 | |
August 10, 2022 to August 12, 2022 August 15, 2022 to August 19, 2022 August 22, 2022 to August 23, 2022 | China (Hangzhou) | cn-hangzhou |
China (Beijing) | cn-beijing | |
China (Ulanqab) | cn-wulanchabu | |
China (Heyuan) | cn-heyuan | |
China (Hong Kong) | cn-hongkong | |
Germany (Frankfurt) | eu-central-1 | |
UK (London) | eu-west-1 | |
US (Virginia) | us-east-1 | |
US (Silicon Valley) | us-west-1 | |
China (Shenzhen) | cn-shenzhen |
Alibaba Gov Cloud
Available update period | Region | Region ID |
August 10, 2022 to August 12, 2022 August 15, 2022 to August 19, 2022 August 22, 2022 to August 23, 2022 | China North 2 Ali Gov 1 | cn-north-2-gov-1 |
Alibaba Finance Cloud
Available update period | Region | Region ID |
August 10, 2022 to August 12, 2022 August 15, 2022 to August 19, 2022 August 22, 2022 to August 23, 2022 | China East 2 Finance | cn-shanghai-finance-1 |